ArchLinux: 201808-8: thunderbird: multiple issues
Summary
- CVE-2018-5156 (arbitrary code execution)
A vulnerability can occur in Firefox before 61.0 and Thunderbird
before 60.0 when capturing a media stream when the media source type is
changed as the capture is occurring. This can result in stream data
being cast to the wrong type causing a potentially exploitable crash.
- CVE-2018-5187 (arbitrary code execution)
Several memory safety bugs have been found in Firefox before 61.0 and
Thunderbird before 60.0. Some of these bugs showed evidence of memory
corruption and Mozilla presumes that with enough effort some of these
could be exploited to run arbitrary code.
- CVE-2018-12361 (arbitrary code execution)
An integer overflow can occur in Firefox before 61.0 and Thunderbird
before 60.0 in the SwizzleData code while calculating buffer sizes. The
overflowed value is used for subsequent graphics computations when
their inputs are not sanitized which results in a potentially
exploitable crash.
- CVE-2018-12367 (information disclosure)
A security issue has been found in Firefox before 61.0 and Thunderbird
before 60.0. In the previous mitigations for Spectre, the resolution or
precision of various methods was reduced to counteract the ability to
measure precise time intervals. In that work,
PerformanceNavigationTiming was not adjusted but it was found that it
could be used as a precision timer.
- CVE-2018-12371 (arbitrary code execution)
An integer overflow vulnerability has been found in the Skia library
shipped with Firefox before 61.0 and Thunderbird before 60.0, when
allocating memory for edge builders on some systems with at least 16 GB
of RAM. This results in the use of uninitialized memory, resulting in a
potentially exploitable crash.
Resolution
Upgrade to 60.0-1.
# pacman -Syu "thunderbird>=60.0-1"
The problems have been fixed upstream in version 60.0.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2018-19/ https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-5156 https://bugzilla.mozilla.org/show_bug.cgi?id=1453127 https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-5187 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1461324%2C1414829%2C1395246%2C1467938%2C1461619%2C1425930%2C1438556%2C1454285%2C1459568%2C1463884 https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12361 https://bugzilla.mozilla.org/show_bug.cgi?id=1463244 https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12367 https://bugzilla.mozilla.org/show_bug.cgi?id=1462891 https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/#CVE-2018-12371 https://bugzilla.mozilla.org/show_bug.cgi?id=1465686 https://security.archlinux.org/CVE-2018-5156 https://security.archlinux.org/CVE-2018-5187 https://security.archlinux.org/CVE-2018-12361 https://security.archlinux.org/CVE-2018-12367 https://security.archlinux.org/CVE-2018-12371
![Dist Arch](/images/distros/dist-arch.png)
Workaround
None.